The unprecedented rise of a work from home staff has greatly increased the risk of data breaches for the IT/ITes sector.
With companies forced to mandate Work From Home (WFH) for its employees in the face of the global COVID-19 pandemic, the major focus has been on business continuity. However, IT/ITes companies have also had to reconcile their responsibilities towards keeping client data safe with the fact that most of their employees are now working remotely.
Under the cyber laws of different countries, companies are liable for breach of client data irrespective of whether employees are working remotely or from office. In the case of India, Pavan Duggal, a cyber law expert, opined in an article in Business Standard, “Companies need to quickly realize that when they are allowing work from home, including mission-critical work, they become intermediaries under the Information Technology Act 2000. Hence, they are duty-bound to comply with the parameters of due diligence and other compliances under the Indian cyber law, rules and regulations”.
Below are a few ways in which organizations are vulnerable to data breaches when their employees are working from home:
While IT & ITes companies had elementary work from home policies (or in some cases, an unofficial WFH policy), these organizations were unprepared for their entire workforces to start working from home overnight, when the COVID-19 crisis hit. Thus, when lockdowns and stay-at-home orders were announced globally, these organizations had to deploy company devices in a WFH situation almost immediately. Consequently, the deployment has not been foolproof and many company devices are now being used in home settings with gaps in their security apparatus, a fact which threat actors are only too aware of.
Bring Your Own Devices
Forced to struggle between meeting client targets and a limited stock of portable devices to provide to employees, many organizations have been forced to allow employees to use their own devices for work-related purposes, hence, creating a Bring Your Own Device (BYOD) policy on the fly. This development represents a major challenge in terms of data security as company data is now being used on personal devices with a high potential for breaches. While IT Security teams had controls over company-owned devices, they cannot exercise the same levels of data control for employees on personal devices.
Unscrupulous or careless employees
Unscrupulous or careless employees who do not understand the importance of data security may click on unauthorized links or download malware on their devices. They may not patch their devices properly or access unsafe/unauthorized websites. These are all vectors for malicious malware and such malware can easily take control of systems and steal company data.
Data breaches can be disastrous and IT Admins now have the added burden of maintaining business continuity while managing data security. Despite the fluid situation, they still need to implement processes and structures where remote working is conducted in secure ways and with proper access controls.
Seqrite Endpoint Security Cloud offers a comprehensive and powerful platform for enterprises to keep their endpoints safe remotely from anywhere. This cloud-based endpoint security and control platform leverages advanced features like Device Control, Data Loss Prevention, Intrusion Detection/Prevention System (IDS/IPS), etc. to ensure complete security with easy manageability.